Payfone has spent the past five years partnering with the U.S. phone companies to connect 300 million people to its identity system. The company now hopes banks will want to tap into that database for authentication purposes.
Mobile devices are increasingly a target of fraudsters, particularly as more consumers use their phones and tablets for shopping. New mobile wallets such as Apple Pay and the upcoming CurrentC further push consumers to use their handsets for payments and banking. These trends are leading banks and retailers to rethink about their approach to authentication.
"The notion is that today as you look at mobile it's very different than PC; a lot of the techniques banks use on the PC [for user authentication] don't translate to mobile," said Rodger Desai, CEO of Payfone.
For example, because consumers get new phones frequently for upgrades or because of theft, loss or damage, it's harder to authenticate an individual to a specific smartphone than it is on a PC, which is usually kept for several years, said Desai.
Payfone uses an individual's unique SIM card number for mobile authentication, checking against the phone company's data. Payfone has partnered with four of the largest U.S. mobile operators.
In October last year, Early Warning, a bank-owned security company, announced a commercial agreement and equity investment in Payfone, to combine Payfone's mobile carrier data with Early Warning's transactional bank data. Early Warning is owned by Bank of America Corp., BB&T Corp., Capital One Financial Corp., JPMorgan Chase & Co. and Wells Fargo & Co. The company provides insight on nearly 600 million deposit accounts.
Later that month, Payfone raised $10 million from Early Warning. Early investors included Verizon Wireless, American Express Co. and Rogers Communications.
Payfone launched about two years ago with American Express, but when the company took its product to other Early Warning banks they told Payfone to build a persistent identity system, said Desai.
Now the authentication system can persist through 400 different change events, such as a person upgrading their smartphone, switching network operators or moves that lead to changes of phone number. Payfone gets 800 million change events daily, Desai said. Payfone gives every user a signature that sits above all these change events.
Today, consumers are challenged with secret questions or must implement two-factor authentication, said Desai. "It's annoying and ineffective; we keep relying on humans to be central to the identification process" but humans can be compromised or make mistakes, he said.
Three Tier 1 banks will be using Payfone's mobile authentication by the first quarter of 2015. Payfone doesn't disclose its revenue or number of clients.